UbuntuUbuntu Based

How To Install SELinux on Ubuntu 22.04 LTS

Install SELinux on Ubuntu 22.04

In this tutorial, we will show you how to install SELinux on Ubuntu 22.04 LTS. For those of you who didn’t know, SELinux is not installed by default in Ubuntu. Security Enhanced Linux is primarily used by the Red Hat-based Linux distributions, which include Red Hat Enterprise Linux, CentOS, and Fedora. Security-Enhanced Linux (SELinux) is a security architecture for Linux systems that allows administrators to have more control over who can access the system.

This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of the SELinux on Ubuntu 22.04 (Jammy Jellyfish). You can follow the same instructions for Ubuntu 22.04 and any other Debian-based distribution like Linux Mint, Elementary OS, Pop!_OS, and more as well.

Prerequisites

  • A server running one of the following operating systems: Ubuntu 22.04, 20.04, and any other Debian-based distribution like Linux Mint.
  • It’s recommended that you use a fresh OS install to prevent any potential issues.
  • SSH access to the server (or just open Terminal if you’re on a desktop).
  • A non-root sudo user or access to the root user. We recommend acting as a non-root sudo user, however, as you can harm your system if you’re not careful when acting as the root.

Install SELinux on Ubuntu 22.04 LTS Jammy Jellyfish

Step 1. First, make sure that all your system packages are up-to-date by running the following apt commands in the terminal.

sudo apt update
sudo apt upgrade
sudo apt install wget apt-transport-https gnupg2 software-properties-common

Step 2. Check AppArmor.

Your Ubuntu 22.04 installation probably runs AppArmor by default. To verify its status run the following command:

sudo systemctl status apparmor

If it is running, you will see output like this:

apparmor.service - Load AppArmor profiles
     Loaded: loaded (/lib/systemd/system/apparmor.service; enabled; vendor pres>
     Active: active (exited) since Sat 2022-11-10 08:18:10 EDT; 1h 46min ago
       Docs: man:apparmor(7)
             https://gitlab.com/apparmor/apparmor/wikis/home/
    Process: 679 ExecStart=/lib/apparmor/apparmor.systemd reload (code=exited, >
   Main PID: 679 (code=exited, status=0/SUCCESS)

Oct 08 08:16:12 imaginelinux systemd[1]: Starting Load AppArmor profiles...
Oct 08 08:16:12 imaginelinux apparmor.systemd[679]: Restarting AppArmor
Oct 08 08:16:12 imaginelinux apparmor.systemd[679]: Reloading AppArmor profiles
Oct 08 08:16:12 imaginelinux apparmor.systemd[707]: Skipping profile in /etc/apparmo>
Oct 08 08:16:12 imaginelinux systemd[1]: Finished Load AppArmor profiles.

In the more common case, where AppArmor is running, stop it:

sudo systemctl stop apparmor
sudo systemctl disable apparmor

Step 3. Installing SELinux on Ubuntu 22.04.

By default, SELinux is available on Ubuntu 22.04 base repository. Now install the latest version of SELinux to your Ubuntu system using the following command:

sudo apt install policycoreutils selinux-basics selinux-utils

Once it’s finished, you can then activate it:

sudo selinux-activate

Output:

SELinux is activated. You may need to reboot now.

Do not reboot immediately! First, review the current state of your new SELinux host:

getenforce

This shows the one-word response:

Disabled

This means that your SELinux is ready to work. It’s “active” but not yet turned on.

Step 4. Enabling SELinux Modes on Ubuntu 22.04.

There are three different modes that you can use with SELinux. The first is disabled, which does the same as its name. It disables using the SELinux service. When SELinux is activated, you can set it to permissive or Enforcing modes. In the permissive mode, only the monitoring of the interaction is done. However, if you want to filter and monitor the interaction, use the enforcing mode.

By default SELinux on Ubuntu run in permissive mode. To enable SELinux, Open the /etc/selinux/config file and set SELINUX=enforcing.

Step 5. Disable SELinux on Ubuntu 22.04.

Disabling SELinux is easier as it’s enabled and installed. Basically, there are two ways of disabling it. Either temporarily or permanently. Disabling SELinux temporary makes it disable for a while until the next boot, and as soon as the computer is turned on again the state is restarted.

The best way to disable it is to change its status to permissive:

nano /etc/selinux/config

Follow the configuration:

FROM:
SELINUX=enforcing
TO:
SELINUX=permissive

Save and close the file, then reboot your system for the changes to take effect:

reboot

After a successful reboot, you can run the following command to check the SELinux status:

sestatus

Congratulations! You have successfully installed SELinux. Thanks for using this tutorial for installing the SELinux on Ubuntu 22.04 LTS Jammy Jellyfish system. For additional help or useful information, we recommend you check the official Ubuntu website.

VPS Manage Service Offer
If you don’t have time to do all of this stuff, or if this is not your area of expertise, we offer a service to do “VPS Manage Service Offer”, starting from $10 (Paypal payment). Please contact us to get the best deal!
Back to top button